Title-1

1. Data Hosting and Infrastructure Security

• Hosting Partner: Our primary infrastructure and data hosting are managed by LightEdge, a managed hosting provider specializing in regulated industries.
• Certifications & Compliance: We leverage LightEdge’s rigorous security framework, which maintains certifications including ISO 22301:2019, ISO/IEC 20000-1:2018, and ISO/IEC 27001:2013. Our data security measures are compliant with standards such as HIPAA, HITECH, and PCI.
• Physical Security: The physical security of all servers and data centers is managed by LightEdge’s comprehensive protocols, including strict access controls, surveillance, and environmental protection.
• Enhanced Network Security: The LightEdge hosted solution includes enterprise-grade network protection. This ensures data is secured through Firewall Services and Intrusion Detection/Prevention Systems (IDS/IPS) that are monitored and managed 24/7. All network perimeters are managed and maintained by LightEdge security experts.

2. Information Security Principles and Controls

• Confidentiality: All student and school data is treated as confidential and is accessed only by authorized personnel for legitimate business purposes (least privilege access model).
• Integrity: We ensure the accuracy and completeness of data. All security-related changes, including firewall rules, must undergo a formal, tracked change management process (managed by the Technical Lead and implemented by LightEdge).
• Access Control: Access to Renzulli Learning systems is granted based on the necessity for the user’s role, with strong password policies enforced for all accounts.

3. Incident Response and Monitoring

• 24/7/365 Monitoring & Management: LightEdge’s Managed Security Team provides constant intrusion monitoring, threat detection, and proactive management of network security devices (Firewalls, IDS/IPS) on the underlying infrastructure.
• Incident Activation: Upon detection (by LightEdge or Renzulli’s Technical Lead), the Incident Response Plan is immediately activated.
• Mitigation: The Technical Lead serves as the primary liaison with LightEdge, which executes the investigation, containment, and mitigation of all detected threats.
• Post-Incident Review: Every security event mandates a formal review to document the timeline, identify lessons learned, and update policies to prevent future occurrences.

4. Business Continuity and Disaster Recovery (BCP/DR)

• High Availability & Service Availability: We rely on LightEdge’s certified infrastructure, which includes redundant systems for power, cooling, and network connectivity, ensuring a high degree of service availability and resilience against single points of failure.
• Data Backup and Recovery: LightEdge provides Managed Backup Services with defined retention periods. This guarantees that data can be restored effectively and rapidly in the event of failure or data corruption.
• Recovery Strategy: In the event of a catastrophic failure, LightEdge executes established disaster recovery procedures, including failover to redundant systems and data restoration from recent backups, designed to meet a strict Recovery Time Objective (RTO).
• Communication: Our plan includes clear internal and external communication protocols for rapid updates to stakeholders and clients, ensuring transparency regarding any service disruption and estimated time to recovery.